<?php
session_start();
include 'interface.php';
include 'dbconnect.php';
$dbcnx = dbconnect();
$login= $_POST["login"];
$password = $_POST["password"]; 





$query = "SELECT user.id, user.name, user.isAdmin FROM newsdb.users user WHERE user.login=\"$login\" AND user.password=\"$password\"";
$qres = mysql_query($query); 
if (mysql_num_rows($qres) == 1)	
{
	session_start();
	$_SESSION['loggedIn'] = true;
	$_SESSION['id'] = mysql_result($qres, 0, 'id');
	$_SESSION['name'] = mysql_result($qres, 0, 'name');
	if (mysql_result($qres, 0, 'isAdmin') != 0) {
		$_SESSION['isAdmin'] = true;
		} else {
		$_SESSION['isAdmin'] = false;
		}
	}
echo "<html>";
echo "<title>";
  echo "Чатик - Авторизация";
echo "</title>";
echo "<body>";

    echo "<table width = \"100%\" bordercolor = \"green\"><!-- \"#5a009c\" -->";
        drawHeader();
    echo "<tr>";
        echo "<td></td>";
        echo "<td colspan = \"2\" rowspan = \"2\">";		
       if ($_SESSION['loggedIn'])
		{
			
			echo "Авторизация прошла успешно!";
			echo "<a href = index.php?type=1> На главную </a>";
		} else {
			echo "Пользователь с таким логином и паролем не существует!";
			//die('Беда=( ' .mysql_error());
		}        
        echo "</td>";
        echo "</tr>";
    echo "</table>";   
echo "</body>";	
echo "</html>";
?>

